Some interesting questions were discussed following my presentation, including:

How does the distillation process cope with the overall mobile software eco-system?At the moment we have only considered the peer-to-peer information flows between the end users of the mobile application. However, it should be possible to use the Privacy Facets Framework to consider the information, information flows and actors in the overall mobile software eco-system. Of course some extensions will be required, for example to capture factors such the legal and regulatory aspects of privacy associated with the places in which in the information, information flows and actors operate.

Can distillation also be used for other requirements of the application?We don't advocate using distillation for eliciting functional requirements because there are already well established methods for this. Instead we see distillation as a complementary technique that can augment functional requirements elicitation by focussing on 'more tacit' types of requirements like privacy.

Does focussing on individual privacy sensitive contexts hide some of the 'bigger picture' of the system, based on the interactions between different contexts?This is a valid concern and is not currently addressed in the distillation process. One way to deal with this problem might be to look at ways of using the information flow modelling to relate different privacy sensitive contexts to each other. These relationships could be highlighted using a visualisation tool to help the analyst to explore the interactions and keep track of the 'big picture'.

What types of privacy requirements were discovered in real-world applications?We used the distillation process to analyse two types of mobile applications, Mobile Facebook and a mobile location sharing app. When we carried out the empirical study of Mobile Facebook users in 2008/2009, Facebook did not have any functionality to group friends into lists and specify privacy preferences using these lists. Our analysis highlighted the need for such functionality in order to address users' privacy concerns.

Comments

Post a Comment

Popular Posts

There is a proliferation of devices being developed to form the building blocks of the Internet of Things (IoT), from Internet-connected power sockets and light bulbs to kettles, toasters and washing machines. However, to realise the full potential of the IoT, it will be necessary to allow these devices to interconnect and share data with each other to deliver the functionalities required by end-users. In recent research on end-user programming for the IoT, my colleagues Pierre Akiki, Yijun Yu and myself have proposed the notion of Visual Simple Transformations (ViSiT), that provides a visual programming paradigm for users to wire together IoT devices. The video above shows a demonstration of the ViSiT solution and full details of the approach will appear in an upcoming special issue of the ACM Transactions on Computer-Human Interaction (ToCHI).

IOT-2016 7-9 September, 2016, Stuttgart, Germany from Charith Perera
Recent DDoS attacks on key internet services, like the attack that affected the Dyn domain name service, highlighted the security challenges associated with the proliferation of insecure Internet of Things (IoT) systems. This attack exploited common vulnerabilities like the use of default administration passwords on IoT devices such as internet-enabled CCTV cameras, internet-enabled appliances and smart home devices, to recruit over hundreds of thousands of nodes into a botnet. This capability highlights the cyber security threats associated with the IoT and brings into sharp relief the importance of considering both security and privacy when designing these systems.

In recent work, presented at the Internet of Things Conference, we describe a privacy-by-design framework for assessing the privacy capabilities of IoT applications and platforms. Building on more general design strategies for privacy in informaiton …

UPDATE: Exciting opportunities to join the team for this research project - we have vacancies for a Software Engineering post-doc: http://www.open.ac.uk/about/employment/vacancies/post-doctoral-research-associate-15086and a Research Software Engineer: http://www.open.ac.uk/about/employment/vacancies/research-software-engineer-15085
I am excited to learn that our bid to undertake a new EPSRC funded research project, "Citizen Forensics" has been successful. The project sits at the intersection of software engineering, psychology, policing and power/politics/economics, exploring the use of technology to improve collaboration between citizens and the police. I will be leading the project, which will involve my colleagues Blaine Price, Bashar Nuseibeh, Graham Pike (OU Psychology / Centre for Policing Research & Learning), Mark Levine (Psychology Exeter) and Peter Bloom (OU Faculty of Business & Law).

A key challenge of the project is to investigate how adaptive software…